Module: check_mk
Branch: master
Commit: 7b27e65c1ea5b9a7da3e00ac46c20160cb14a20a
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7b27e65c1ea5b9…
Author: Tom Baerwinkel <tb(a)mathias-kettner.de>
Date: Fri Jan 5 15:35:30 2018 +0100
5486 Add permission for admins to see custom views and dashboards
Previously, admins could only see custom views, dashboards and reports of a
user if the owner set the option "Make this view/dashboard/report available for
other users". Now admins can see the views, dashboards and reports of all
users. This also implies that admins are allowed to edit and clone these views.
Change-Id: I4079adc1f960c5355ed4ca8e7d679049bbe7ad59
---
.werks/5486 | 13 +++++++++++++
web/htdocs/default_permissions.py | 7 +++++++
web/htdocs/visuals.py | 37 ++++++++++++++++++++-----------------
3 files changed, 40 insertions(+), 17 deletions(-)
diff --git a/.werks/5486 b/.werks/5486
new file mode 100644
index 0000000..3872183
--- /dev/null
+++ b/.werks/5486
@@ -0,0 +1,13 @@
+Title: Add permission for admins to see custom views, dashboards and reports
+Level: 1
+Component: multisite
+Compatible: compat
+Edition: cre
+Version: 1.5.0i3
+Date: 1515161999
+Class: feature
+
+Previously, admins could only see custom views, dashboards and reports of a
+user if the owner set the option "Make this view/dashboard/report available for
+other users". Now admins can see the views, dashboards and reports of all
+users. This also implies that admins are allowed to edit and clone these views.
diff --git a/web/htdocs/default_permissions.py b/web/htdocs/default_permissions.py
index fe89f56..4152535 100644
--- a/web/htdocs/default_permissions.py
+++ b/web/htdocs/default_permissions.py
@@ -38,6 +38,7 @@ loaded_with_language = False
# | Declare general permissions for Multisite |
# '----------------------------------------------------------------------'
+
def load_plugins(force):
global loaded_with_language
if loaded_with_language == current_language and not force:
@@ -166,6 +167,7 @@ def load_plugins(force):
loaded_with_language = current_language
+
# TODO: This has been obsoleted by pagetypes.py
def declare_visual_permissions(what, what_plural):
config.declare_permission("general.edit_" + what,
@@ -188,6 +190,11 @@ def declare_visual_permissions(what, what_plural):
_("Make own published %s override builtin %s for all users.") %
(what_plural, what_plural),
[ "admin" ])
+ config.declare_permission("general.edit_foreign_" + what,
+ _("Edit foreign %s") % what_plural,
+ _("Allows to edit %s created by other users.") % what_plural,
+ [ "admin" ])
+
config.declare_permission("general.delete_foreign_" + what,
_("Delete foreign %s") % what_plural,
_("Allows to delete %s created by other users.") % what_plural,
diff --git a/web/htdocs/visuals.py b/web/htdocs/visuals.py
index 3efbccc..3fbf38e 100644
--- a/web/htdocs/visuals.py
+++ b/web/htdocs/visuals.py
@@ -268,7 +268,7 @@ def available(what, all_visuals):
permprefix = what[:-1]
def published_to_user(visual):
- if visual["public"] == True:
+ if visual["public"] is True:
return True
if type(visual["public"]) == tuple and visual["public"][0] ==
"contact_groups":
@@ -354,17 +354,17 @@ def page_list(what, title, visuals, custom_columns = None,
# TODO: We hack in those visuals that already have been moved to pagetypes here
if pagetypes.has_page_type("graph_collection"):
- html.context_button(_("Graph Collections"),
"graph_collections.py", "graph_collection")
+ html.context_button(_("Graph collections"),
"graph_collections.py", "graph_collection")
if pagetypes.has_page_type("custom_graph"):
- html.context_button(_("Custom Graphs"), "custom_graphs.py",
"custom_graph")
+ html.context_button(_("Custom graphs"), "custom_graphs.py",
"custom_graph")
if pagetypes.has_page_type("graph_tuning"):
- html.context_button(_("Grap tunings"), "graph_tunings.py",
"graph_tuning")
- html.context_button(_("Bookmark Lists"), "bookmark_lists.py",
"bookmark_list")
+ html.context_button(_("Graph tunings"), "graph_tunings.py",
"graph_tuning")
+ html.context_button(_("Bookmark lists"), "bookmark_lists.py",
"bookmark_list")
html.end_context_buttons()
# Deletion of visuals
- delname = html.var("_delete")
+ delname = html.var("_delete")
if delname and html.transaction_valid():
if config.user.may('general.delete_foreign_%s' % what):
user_id = html.var('_user_id', config.user.id)
@@ -388,23 +388,26 @@ def page_list(what, title, visuals, custom_columns = None,
except MKUserError, e:
html.user_error(e)
- keys_sorted = visuals.keys()
- keys_sorted.sort(cmp = lambda a,b: -cmp(a[0],b[0]) or cmp(a[1], b[1]))
+ keys_sorted = sorted(visuals.keys(),
+ cmp=lambda a, b: -cmp(a[0], b[0]) or cmp(a[1], b[1]))
- custom = []
- builtin = []
+ my_visuals, foreign_visuals, builtin_visuals = [], [], []
for (owner, visual_name) in keys_sorted:
if owner == "" and not config.user.may("%s.%s" % (what_s,
visual_name)):
continue # not allowed to see this view
visual = visuals[(owner, visual_name)]
- if owner == config.user.id or \
- (visual["public"] and owner != '' and config.user_may(owner,
"general.publish_" + what)):
- custom.append((owner, visual_name, visual))
- elif visual["public"] and owner == "":
- builtin.append((owner, visual_name, visual))
-
- for title, items in [ (_('Custom'), custom), (_('Builtin'), builtin)
]:
+ if visual["public"] and owner == "":
+ builtin_visuals.append((owner, visual_name, visual))
+ elif owner == config.user.id:
+ my_visuals.append((owner, visual_name, visual))
+ elif (visual["public"] and owner != '' and
config.user_may(owner, "general.publish_%s" % what)) or \
+ config.user.may("general.edit_foreign_%s" % what):
+ foreign_visuals.append((owner, visual_name, visual))
+
+ for title, items in [(_('Customized'), my_visuals),
+ (_("Owned by other users"), foreign_visuals),
+ (_('Builtin'), builtin_visuals)]:
html.open_h3()
html.write(title)
html.close_h3()